Page MenuHome GnuPG
Create Task
Maniphest T2059

Rate limit password attempts by pinentry.
Closed, ResolvedPublic
Actions

Description

GPG Agent tries to prevent brute forcing the passphrase. However, it doesn't
rate limit pinentry. If an incorrect passphrase is entered, gpg agent should
sleep for 100ms before replying to pinentry thereby limiting the rate to 10
tries per second without noticeably impacting the user interaction. See issue
2034 for details.

Related Objects
Search...

Event Timeline

neal added projects: gnupg, Bug Report.Jul 28 2015, 2:08 PM
neal added subscribers: dkg, neal.
neal mentioned this in T2034: pinentry emacs features need documentation.Mar 30 2017, 7:15 PM
neal added a parent task: T2034: pinentry emacs features need documentation.Jul 28 2015, 2:10 PM
werner added a subscriber: werner.Aug 3 2015, 11:30 AM

Each test for a passphrase takes about 100ms - thus you have your rate limit.

werner added a comment.Sep 9 2015, 4:31 PM

Is that okay or are concerned about keys with passphrsses generated on slower
boxes - they would indeed be checked faster than 100ms. Using gpg --passwd for
such keys adjusts the iteration count so that they will again be delayed by
about 100ms.

werner closed this task as Resolved.Oct 28 2015, 5:28 PM
werner claimed this task.
werner added a project: Not A Bug.